Bug#705252: modsecurity-crs: Execution error - PCRE limits exceeded (-8): (null)

Thu, 11 Apr 2013 17:03:17 -0700 

Package: modsecurity-crs
Version: 2.2.5-2
Severity: normal

All requests are blocked with:

--e89aa861-H--
Message: Rule 7f2a17e96280 [id "950901"][file 
"/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line
 "77"] - Execution error - PCRE limits exceeded (-8): (null).
Message: Rule 7f2a17e96280 [id "950901"][file 
"/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line
 "77"] - Execution error - PCRE limits exceeded (-8): (null).
Message: Rule 7f2a17e96280 [id "950901"][file 
"/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line
 "77"] - Execution error - PCRE limits exceeded (-8): (null).
Message: Rule 7f2a17e96280 [id "950901"][file 
"/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line
 "77"] - Execution error - PCRE limits exceeded (-8): (null).
Message: Access denied with code 403 (phase 2). Match of "streq 0" against 
"TX:MSC_PCRE_LIMITS_EXCEEDED" required. [file 
"/etc/modsecurity/modsecurity.conf"] [line "95"] [msg "ModSecurity internal 
error flagged: TX:MSC_PCRE_LIMITS_EXCEEDED"]
Action: Intercepted (phase 2)
Stopwatch: 1365724321610331 46739 (- - -)
Stopwatch2: 1365724321610331 46739; combined=43414, p1=532, p2=41873, p3=0, 
p4=0, p5=1004, sr=191, sw=5, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.6.6 (http://www.modsecurity.org/); 
OWASP_CRS/2.2.5.
Server: Apache

--e89aa861-Z--

Increasing SecPcreMatchLimit, SecPcreMatchLimitRecursion, pcre.backtrack_limit 
and pcre.recursion_limit does not help.

--e89aa861-Z--

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (990, 'stable'), (400, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.4.0-Soleus (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages modsecurity-crs depends on:
ii  libapache2-modsecurity  2.6.6-6

modsecurity-crs recommends no packages.

Versions of packages modsecurity-crs suggests:
pn  lua  <none>

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to